BLOG

Warning! Don't Click!

Warning! Don't Click!

The internet has become an indispensable tool for everyday life, both personal and business. Its global use and familiarity have also opened the doors for cyber criminals to take every opportunity to exploit vulnerable people through disturbing online attacks. Online scams and malware are also becoming increasingly sophisticated, and while many of us are aware of what to look for and what to do when they arise, there are some that may still be confused by the latest scams discussed in the media.

We have a list of the most common cyber threats, and the best tips on what to do when you encounter them.

Please feel free to read through this list, to make sure that you are aware of what to look for and how to handle any security attacks that may arise.

Botnets

A botnet is the same as a criminal using malware (malicious software) to turn your computer into a robot also known as bot for short. When combined with several other computers, these systems together form a botnet. These Bots can often spread themselves across the Internet by searching for vulnerable and unprotected computers. Exposed computers can be infected quickly and unknown to the user stay inactive until they are needed to perform a damaging attack. Once infected these bots can be controlled remotely to perform automated tasks over the internet such as sending out spam, malware and spyware; launching denial of service (DoS) attacks against other systems; or participating in other types of cyber-crime such as theft or fraud.

Hacking

Hacking a computer has been around much longer than people have had computers in their own homes, and is a term used to describe gaining unauthorized access into your computer. Hacking is used to find weaknesses in your security settings which are then exploited to gain sensitive or personal information, to install malware, or to block or hijack your access to websites or email.

Malware

Extremely common, malware, or malicious software, is software you don’t want to infect your computer. Malware is comprised of computer viruses, worms, ransomware and Trojan horses. Specifically designed to disrupt, damage or gain control of your company’s computer system or data. Each of these types of malware has its own purpose:

It may tell you that your computer has a security problem,

Re-formats your hard drive,

Alters, deletes or encrypts files

Steal sensitive information

Sends unauthorized emails

Takes control of your computer and all the software on it.

Types of Malware

Viruses - When a computer virus is executed it will replicate itself and insert copies of itself into your computer programs, data files, hard drive or connected networks. By doing this the virus infects your system and interferes with the way a computer operates. Viruses are often spread via normal looking attachments in an email message or instant message; through downloads, or in pirated software.

Trojan Horse - Like the Greek tale, the Trojan horse or Trojan, employs social engineering so that it looks legitimate, useful or interesting to the potential victim who is then more susceptible to installing it on their computer. As a non-self-replicating type of malware program it is designed so when it is executed it carries out the actions determined in the program, often including joining the computer to a botnet.

Ransomware - As a relatively recent addition to the malware family, ransomware is a digital form of extortion. When you open a malicious email attachment or click a malicious link in an email message, instant message, on a social networking site, or other website; ransomware is downloaded onto your computer and is designed to block access to all your files and programs until a sum of money is paid. A computer becomes basically inoperable as you have no access to any of your files (unless you have done regular data backups). It is generally advised that you don’t pay the ransom as you cannot be guaranteed you will get the key or code to unlock your files.

Phishing - Has also become a firm favorite of cyber-criminals. These sophisticated modern day forgers use deception and social engineering techniques to trick users. This is done by sending emails, text messages or website links purporting to be from authentic companies that the victim may have had previous communications with (also called spoofing). These fake messages or links are then used to persuade the recipient to reveal personal information including usernames, passwords and credit card details. Phishing scams have become increasingly prevalent because they are easy to execute, and with little effort.

Spam - Is another common method for sending information out and collecting it from unsuspecting people. Spam is usually the mass distribution of unsolicited messages, marketing, advertising or pornography. Spam tends to annoy people mostly by clogging their inboxes with junk, however it can also be a vehicle for malware, scams, fraud and threats to privacy.

TIPS FOR CYBER SECURITY

It is vital that anyone who sends and receives emails daily is made aware and is well educated on these common types of cyber threats. There are a wide range of things you should remember and make sure to put into place within your organization, written information security programs (WISPs) to ensure your organization’s computers are protected the best way possible.

Avoid giving your email address out online. If you publish your email address on the web, make it so that it cannot be harvested by bots. There are alternative ways to display an email address which in turn makes it hard for spambots and cyber criminals to harvest it. For example “me at NSKINC dot com” = me@nskinc.com

Never open an attachment that is a .zip file or .exe file unless you are expecting it. Files from unknown senders usually contain malware or viruses.

Always check to see who is sending you an email communication. Be aware that malware, phishing scams or spam may come from unrecognizable or odd email addresses, however legitimate email addresses can be forged easily.

DO NOT CLICK IT. If unsure, report the message as ‘spam’ to your service provider, and delete it! You should delete the email from your trash also to save you from accidentally opening it in the future.

Only click links from trusted senders. If an email has a link you don’t recognize, take a closer look by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.

Check for spelling, grammar and syntax. Most malware, phishing scams or spam originate from foreign countries so may contain some obvious errors.

A reputable company or organization will never use an email to request personal information. If you think there is a possibility it may be legitimate, type the real URL into your browser or contact the company directly.

Reading an email in plain text rather than html can help to avoid phishing attempts, however this is not 100% foolproof.

Report any suspicious or scam emails to the company that is being imitated, your email security provider, or to SCAMwatch.

If a computer runs slowly, keeps crashing or stops responding often, this could be a sign that the computer is infected. Get an IT professional to look at it for you.

Utilize multilayered defenses. This includes installing anti-virus, anti-malware, anti-spyware, and using cloud based email filtering and web filtering services. You should also not conduct day to day work with Administrator privileges on your workstation. Instead, you should use elevated privileges only when required, for example to install trusted software. Having one form of protection alone may not cover you for all the possible threats.

Use external devices cautiously. This includes USBs and iPads/iPhones etc. as these can become infected with malware, corrupting your computer.

Cyber criminals are quite adept at tricking email users into falling for their scams. They are always coming up with new methods of deception. It is in the best interest of every organization to ensure all their employees are educated on the most commonly known threats. Staying cyber-vigilant and applying solid security measures, is always the best defense against any future breaches.